Title: EPHEMERAL DECRYPTION 
UTILIZING BLINDING FUNCTIONS 
Inventor Name: Radia J. Perlman 
Docket No. : P9238 



[Figure 1a: table of ephemeral key pairs EKP1, EKP2, ... EKPN, EKPN+1, ... EKPN+m. Each entry lists a Pub-Key or Secret-Key, a Priv-Key, an Expiration Time, a Key Id and Other Data.]

Figure 1a






[Figure 1b: Network 10 connecting Node A 12, Node B 14, Node C 16 and Anonymizer 18.]

Fig. 1b



[Figure 2: block diagram of Nodes 12, 14, 16, 18: Processor 100, Memory 102 holding OS 104 and Application 106, Disk 108, and Network Interface 110 to Network 10.]

Fig. 2






(300) Node A encrypts message M with Node C's ephemeral public key having a key ID
      {M}(e,n) = M^e mod n = W

(301) Node A securely provides the encrypted message and key ID to Node B

(302) Node B blinds W with a blinding function R having an inverse R^-1 such that R*R^-1 = 1 mod n to form (W*R^e) mod n = X

(304) Node B communicates X and the key ID to Node C

(306) Node C decrypts X with Node C ephemeral private key corresponding to the key ID
      {X}(d,n) = M*R

(308) Node C communicates M*R to Node B

(310) Node B unblinds the blinded message using the multiplicative inverse function R^-1
      M*R*R^-1 = M

Fig. 3
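The Fig. 3 exchange as an added Python example (not part of the original drawings), using textbook RSA without padding on constructed toy parameters. The primes, key ID 7, the expiry value and the expiry check on Node C (modelled on the Expiration Time field of Fig. 1a) are assumptions.

```python
import math
import secrets

P, Q = 2**31 - 1, 2**61 - 1          # constructed toy primes (both Mersenne primes)
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))
# Node C's key table: key ID -> (d, n, expiration time), fields as in Fig. 1a.
NODE_C_KEYS = {7: (D, N, 1000)}      # key ID 7 and expiry 1000 are constructed


def node_a_encrypt(m):
    """Step 300: W = M^e mod n (M must be smaller than n)."""
    return pow(m, E, N)


def node_b_blind(w):
    """Step 302: pick R invertible mod n, return X = W*R^e mod n and R^-1."""
    while True:
        r = secrets.randbelow(N - 2) + 2
        if math.gcd(r, N) == 1:
            return (w * pow(r, E, N)) % N, pow(r, -1, N)


def node_c_decrypt(x, key_id, now):
    """Step 306: X^d mod n = M*R; refuses once the ephemeral key has expired."""
    d, n, expires = NODE_C_KEYS[key_id]
    if now >= expires:
        raise KeyError("ephemeral key %d expired" % key_id)
    return pow(x, d, n)


def node_b_unblind(mr, r_inv):
    """Step 310: M*R*R^-1 mod n = M."""
    return (mr * r_inv) % N


def run_fig3(m, now):
    w = node_a_encrypt(m)                 # steps 300-301
    x, r_inv = node_b_blind(w)            # steps 302-304
    mr = node_c_decrypt(x, 7, now)        # steps 306-308
    return w, x, mr, node_b_unblind(mr, r_inv)


if __name__ == "__main__":
    w, x, mr, m = run_fig3(123456789, now=10)
    print("recovered:", m, "| Node C saw X != W:", x != w, "and M*R != M:", mr != m)
```

Node C only ever handles X and M*R, so it learns neither the ciphertext W nor the message M, and after the key's expiration time Node B can no longer obtain a decryption.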
(402) Node A selects an ephemeral public key of the form g^x mod p where g and p are both known and having a key ID

(404) Node A selects a first blinding function y and computes the exponentiative inverse blinding function y^-1 where y*y^-1 = 1 mod p-1

(406) Node A raises g to the y mod p, raises g^x to the y mod p to form g^xy mod p, saves g^y mod p, encrypts message M using g^xy mod p, and discards y and g^xy mod p

(407) Node A securely communicates the encrypted message, the key ID, and g^y mod p to Node B

(408) Node B selects blinding function z and computes z^-1 such that z*z^-1 = 1 mod p-1

(410) Node B raises g^y mod p to the power z forming g^yz mod p

(411) Node B provides g^yz mod p and the key ID to the decryption agent, where the decryption agent forms g^xyz mod p

Fig. 4a

(412) Node B receives g^xyz mod p from the decryption agent

(414) Node B raises g^xyz mod p received from the decryption agent to the z^-1 power to form g^xy mod p

(416) Node B decrypts the encrypted message {M}g^xy mod p by decrypting using g^xy mod p

Fig. 4b
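The Fig. 4a and 4b exchange as an added Python example (not part of the original drawings), on a constructed toy modulus. The modulus, generator, key ID 42 and the XOR-with-SHA-256 cipher are assumptions; the figures do not say how g^xy mod p is used to encrypt M.

```python
import hashlib
import math
import secrets

P = 2**127 - 1        # constructed toy modulus (a Mersenne prime); g and p are public
G = 3
# Decryption agent's private exponent x per key ID (key ID 42 is constructed).
AGENT_X = {42: secrets.randbelow(P - 3) + 2}


def rand_exponent():
    """Random exponent that has an inverse mod p-1 (the y and z of steps 404, 408)."""
    while True:
        e = secrets.randbelow(P - 3) + 2
        if math.gcd(e, P - 1) == 1:
            return e


def xor_with_key(shared, data):
    """Assumed cipher: XOR with SHA-256(shared); handles messages up to 32 bytes."""
    stream = hashlib.sha256(str(shared).encode()).digest()
    return bytes(a ^ b for a, b in zip(data, stream))


def node_a_send(pub, msg):
    """Steps 404-407: encrypt under g^xy, keep only g^y, discard y and g^xy."""
    y = rand_exponent()
    return xor_with_key(pow(pub, y, P), msg), pow(G, y, P)


def agent_exponentiate(value, key_id):
    """Step 411, agent side: raises its input to x; it only ever sees g^yz."""
    return pow(value, AGENT_X[key_id], P)


def node_b_receive(ct, g_y, key_id):
    """Steps 408-416: blind with z, ask the agent, unblind with z^-1, decrypt."""
    z = rand_exponent()
    g_xyz = agent_exponentiate(pow(g_y, z, P), key_id)
    g_xy = pow(g_xyz, pow(z, -1, P - 1), P)
    return xor_with_key(g_xy, ct)


def run_fig4(msg):
    pub = pow(G, AGENT_X[42], P)          # step 402: ephemeral public key g^x mod p
    ct, g_y = node_a_send(pub, msg)
    return ct, node_b_receive(ct, g_y, 42)
```

Deleting the entry for a key ID from `AGENT_X` models the agent destroying x: Node B still holds the ciphertext and g^y mod p but can no longer form g^xy mod p.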






(502) Node A selects a first blinding function z having an inverse z^-1 that satisfies z*z^-1 = 1 mod p-1 and an ephemeral key having a key ID

(504) Node A raises the clear message M to the power z mod p to form M^z mod p

(506) Node A provides M^z mod p and the key ID to the encryption agent

Encryption agent encrypts M^z mod p using the ephemeral secret encryption key x that has a decryption key x^-1 both corresponding to the key ID to form M^xz mod p

(510) Node A receives the encrypted message M^xz mod p from the encryption agent

(512) Node A unblinds the encrypted message M^xz mod p using z^-1 to form M^x mod p

(513) Node A securely provides the encrypted message and the key ID to Node B

Fig. 5a

Node B selects a blinding function j having an inverse j^-1 such that

Node B raises the encrypted message M^x mod p to the power j to form M^xj mod p

Node B provides the message M^xj mod p and the key ID to the decryption

Decryption agent decrypts the message M^xj mod p using the ephemeral x^-1 corresponding to the key ID to form M^j mod p

Node B receives the message M^j mod p from the decryption agent

Node B unblinds the message by raising M^j mod p to the power j^-1 to form the clear message M